I’ve held off writing about the Facebook/Cambridge Analytica issue, because a lot of very good journalists have been covering it excellently.

But when ITV Tonight asked to film our mobile phone interception stage show for a documentary on the subject, it seemed a good chance to take stock of the story so far.

Working with ethical hacker Glenn Wilkinson, we brought an audience of people face to face with their online data:

The demo was actually pretty straightforward: we simply showed what advertisers see when they use Facebook and Google. But for many of the audience members, it was a through-the-looking-glass moment.

Suddenly, the cheery, useful web companies they interact with every day were revealed for what they actually are: cynical advertising machines that package up users and sell them to marketing companies.

We exposed how quickly “anonymous” data could be de-anonymised; we revealed how Google’s suggestions can help advertisers target young mums of special needs children who are desperate for money; we showed how much information you give away simply by clicking the “like” button.

But for me, the most memorable moment was when we brought up the difference between the “life events” Facebook shows its users, and “life events” Facebook shows to advertisers.

Here are the “life events” Facebook shows me, as a user:

Nice stuff, eh? New jobs, birthdays, etc. But if you’re an advertiser on Facebook, things look a bit different. Here are the top “life events” Facebook suggests advertisers target:

“Are you lonely? Worried? Afraid? Hey, then buy this product, maybe it’ll help!” For me, this is when the mask truly slipped, and I suspect many of our audience felt the same. (Conspicuously, when Glenn looked at their Facebook profiles the next day, almost all of them had significantly upped their privacy settings).

The programme airs Thu 3rd May, 7.30pm UK time. It’s inspired Glenn and I to construct a new presentation, The Secrets of Online Surveillance, which we’ll be putting in front of audiences soon.

Oh, and a final word on Cambridge Analytica: I’m interested in how many people were harmed, and how.

Around 300,000 people who carried out the personality quiz at the heart of the controversy were harmed when their data was shared with marketeers (something they almost certainly didn’t expect, as it was against Facebook’s terms and conditions).

Up to 87m people (the Facebook friends of those who used the personality quiz app) had their publicly-available Facebook data harvested (page likes, birthday and home town, etc). I guess the harm here is that they were then targeted by ads, including from the Republican Party, which perhaps affected the behaviour of floating voters. But if you’re worried that your publicly-available Facebook data is being used to influence your behaviour, then you should probably just not be on Facebook.

And if you’re worried by that, then you should be much more worried by something else instead: Facebook admitted in its US testimony that the publicly-available data of EVERYONE on Facebook has potentially been harvested, by the simple method of searching email addresses and phone numbers on Facebook and then copying the profile they match up to. That’s up to 2bn people.

Attempts to scrape publicly-available Facebook data go on all the time, not just by marketeers, but also by private security companies. Analysis of this data (and sometimes the actual data itself) is then routinely sold to people who want to use it to monitor and control your behaviour.

It’s useful that the Cambridge Analytica controversy has opened up this issue, but we’ve got a long way to go yet.